# HG changeset patch # User xuelei # Date 1450184340 0 # Node ID 9f93cbce8c44f0027a1cb8240b2358309d3ddecb # Parent e0ab9045a0dc46502c5695683ef335950d296d21 8144773: Further reduce use of MD5 Reviewed-by: mullan, wetmore, jnimeh, ahgross diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Tue Dec 15 12:59:00 2015 +0000 @@ -333,7 +333,7 @@ input, serverKey, clnt_random.random_bytes, svr_random.random_bytes, messageLen, - localSupportedSignAlgs, protocolVersion); + getLocalSupportedSignAlgs(), protocolVersion); handshakeState.update(dhSrvKeyExchange, resumingSession); this.serverKeyExchange(dhSrvKeyExchange); } catch (GeneralSecurityException e) { @@ -348,7 +348,7 @@ new ECDH_ServerKeyExchange (input, serverKey, clnt_random.random_bytes, svr_random.random_bytes, - localSupportedSignAlgs, protocolVersion); + getLocalSupportedSignAlgs(), protocolVersion); handshakeState.update(ecdhSrvKeyExchange, resumingSession); this.serverKeyExchange(ecdhSrvKeyExchange); } catch (GeneralSecurityException e) { @@ -398,7 +398,7 @@ Collection supportedPeerSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms( - peerSignAlgs); + algorithmConstraints, peerSignAlgs); if (supportedPeerSignAlgs.isEmpty()) { throw new SSLHandshakeException( "No supported signature and hash algorithm in common"); 
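Review bot: In the ClientHandshaker hunk at -398 the exception text "No supported signature and hash algorithm in common" can now be raised because `algorithmConstraints` removed every entry the peer offered, not only because the two sides share nothing, and the message gives no hint of that. ServerHandshaker's matching hunk at -772 rewords its message to `"No signature and hash algorithm in common"`, so the client and server texts now differ as well. I would use the same wording here and print a handshake-debug line before the throw saying that the list was filtered by the algorithm constraints, assuming `debug` is in scope in this class as it is in ServerHandshaker. The enclosing method starts and ends outside the hunk.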
@@ -1211,8 +1211,8 @@ if (protocolVersion.useTLS12PlusSpec()) { preferableSignatureAlgorithm = SignatureAndHashAlgorithm.getPreferableAlgorithm( - peerSupportedSignAlgs, signingKey.getAlgorithm(), - signingKey); + getPeerSupportedSignAlgs(), + signingKey.getAlgorithm(), signingKey); if (preferableSignatureAlgorithm == null) { throw new SSLHandshakeException( diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Tue Dec 15 12:59:00 2015 +0000 @@ -1943,7 +1943,7 @@ // the signature bytes private byte[] signature; - // protocol version being established using this ServerKeyExchange message + // protocol version being established using this CertificateVerify message ProtocolVersion protocolVersion; // the preferable signature algorithm used by this CertificateVerify message @@ -1996,7 +1996,7 @@ preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "CertificateVerify message"); } } diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Tue Dec 15 12:59:00 2015 +0000 @@ -90,7 +90,7 @@ AlgorithmConstraints algorithmConstraints = null; // Local supported signature and algorithms - Collection localSupportedSignAlgs; + private Collection localSupportedSignAlgs; // Peer supported signature and algorithms Collection peerSupportedSignAlgs; diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java 
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Tue Dec 15 12:59:00 2015 +0000 @@ -320,7 +320,7 @@ case HandshakeMessage.ht_certificate_verify: CertificateVerify cvm = new CertificateVerify(input, - localSupportedSignAlgs, protocolVersion); + getLocalSupportedSignAlgs(), protocolVersion); handshakeState.update(cvm, resumingSession); this.clientCertificateVerify(cvm); @@ -772,11 +772,10 @@ Collection supportedPeerSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms( - peerSignAlgs); + algorithmConstraints, peerSignAlgs); if (supportedPeerSignAlgs.isEmpty()) { throw new SSLHandshakeException( - "No supported signature and hash algorithm " + - "in common"); + "No signature and hash algorithm in common"); } setPeerSupportedSignAlgs(supportedPeerSignAlgs); @@ -1351,6 +1350,13 @@ supportedSignAlgs = new ArrayList(1); supportedSignAlgs.add(algorithm); + + supportedSignAlgs = + SignatureAndHashAlgorithm.getSupportedAlgorithms( + algorithmConstraints, supportedSignAlgs); + + // May be no default activated signature algorithm, but + // let the following process make the final decision. } // Sets the peer supported signature algorithm to use in KM @@ -1395,6 +1401,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "RSA", privateKey); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1413,6 +1424,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "RSA", privateKey); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } 
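Review bot: The five-line debug block added before `return false;` in the hunk at -1395 is pasted unchanged into the hunks at -1413, -1428 and -1446, so any later change to the message has to be made in four places. A small private helper taking the cipher suite, for example `logNoSignatureAlgorithm(suite)` (the name is only a suggestion), called from each branch would keep them in step. The message could also name the key type being looked for ("RSA", "DSA", "ECDSA"), since that is the only thing that differs between the four branches and it is what someone reading a handshake trace needs. The enclosing method begins and ends outside these hunks.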
@@ -1428,6 +1444,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "DSA"); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1446,6 +1467,11 @@ SignatureAndHashAlgorithm.getPreferableAlgorithm( supportedSignAlgs, "ECDSA"); if (preferableSignatureAlgorithm == null) { + if ((debug != null) && Debug.isOn("handshake")) { + System.out.println( + "No signature and hash algorithm for cipher " + + suite); + } return false; } } @@ -1487,7 +1513,8 @@ ClientKeyExchangeService.find(keyExchange.name); if (p == null) { // internal error, unknown key exchange - throw new RuntimeException("Unrecognized cipherSuite: " + suite); + throw new RuntimeException( + "Unrecognized cipherSuite: " + suite); } // need service creds if (serviceCreds == null) { diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java Tue Dec 15 12:59:00 2015 +0000 @@ -166,10 +166,13 @@ // Get supported algorithm collection from an untrusted collection static Collection getSupportedAlgorithms( + AlgorithmConstraints constraints, Collection algorithms ) { Collection supported = new ArrayList<>(); for (SignatureAndHashAlgorithm sigAlg : algorithms) { - if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { + if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM && + constraints.permits(SIGNATURE_PRIMITIVE_SET, + sigAlg.algorithm, null)) { supported.add(sigAlg); } } 
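Review bot: `constraints.permits(...)` in the new `getSupportedAlgorithms` is called without a null check, while the Handshaker context in this patch shows the field the callers pass declared as `AlgorithmConstraints algorithmConstraints = null;`. Whether that field is always assigned before the three call sites (ClientHandshaker -398, ServerHandshaker -772 and -1351) is not visible here, so I would state the precondition and fail explicitly, e.g. `if (constraints == null) throw new IllegalArgumentException("constraints");`, rather than ever treating null as "permit everything". The one-line comment above the method should also say that the result is now filtered, e.g. `// Get the supported algorithms from an untrusted collection, keeping only those the constraints permit`.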
@@ -233,30 +236,42 @@ } static SignatureAndHashAlgorithm getPreferableAlgorithm( - Collection algorithms, - String expected, PrivateKey signingKey) { + Collection algorithms, + String expected, PrivateKey signingKey) { - if (expected == null && !algorithms.isEmpty()) { - for (SignatureAndHashAlgorithm sigAlg : algorithms) { - if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { - return sigAlg; + int maxDigestLength = getMaxDigestLength(signingKey); + for (SignatureAndHashAlgorithm algorithm : algorithms) { + int signValue = algorithm.id & 0xFF; + if ((expected == null) || + (expected.equalsIgnoreCase("rsa") && + signValue == SignatureAlgorithm.RSA.value) || + (expected.equalsIgnoreCase("dsa") && + signValue == SignatureAlgorithm.DSA.value) || + (expected.equalsIgnoreCase("ecdsa") && + signValue == SignatureAlgorithm.ECDSA.value) || + (expected.equalsIgnoreCase("ec") && + signValue == SignatureAlgorithm.ECDSA.value)) { + + if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM && + algorithm.hash.length <= maxDigestLength) { + + return algorithm; } } - - return null; // no supported algorithm - } - - if (expected == null ) { - return null; // no expected algorithm, no supported algorithm } - /* - * Need to check RSA key length to match the length of hash value - */ + return null; + } + + /* + * Need to check key length to match the length of hash value + */ + private static int getMaxDigestLength(PrivateKey signingKey) { int maxDigestLength = Integer.MAX_VALUE; + + // only need to check RSA algorithm at present. if (signingKey != null && - "rsa".equalsIgnoreCase(signingKey.getAlgorithm()) && - expected.equalsIgnoreCase("rsa")) { + "rsa".equalsIgnoreCase(signingKey.getAlgorithm())) { /* * RSA keys of 512 bits have been shown to be practically * breakable, it does not make much sense to use the strong 
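Review bot: `getPreferableAlgorithm` changes its contract in this hunk without a comment saying so. A null `expected` now matches any signature type, the priority check applies on every path, and the digest-length cap from `getMaxDigestLength` applies whenever `signingKey` is an RSA key, where the old code applied it only when `expected` was also "rsa". The method does not consult any AlgorithmConstraints itself, so it depends on callers passing an already filtered collection such as `getPeerSupportedSignAlgs()`. I would add a Javadoc block above the method stating these points, including that `algorithms` must already have been filtered by `getSupportedAlgorithms`. `getMaxDigestLength` continues past the end of this hunk.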
@@ -284,25 +299,7 @@ // preferable hash algorithm. } - for (SignatureAndHashAlgorithm algorithm : algorithms) { - int signValue = algorithm.id & 0xFF; - if (expected.equalsIgnoreCase("rsa") && - signValue == SignatureAlgorithm.RSA.value) { - if (algorithm.hash.length <= maxDigestLength) { - return algorithm; - } - } else if ( - (expected.equalsIgnoreCase("dsa") && - signValue == SignatureAlgorithm.DSA.value) || - (expected.equalsIgnoreCase("ecdsa") && - signValue == SignatureAlgorithm.ECDSA.value) || - (expected.equalsIgnoreCase("ec") && - signValue == SignatureAlgorithm.ECDSA.value)) { - return algorithm; - } - } - - return null; + return maxDigestLength; } static enum HashAlgorithm { diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/src/java.base/share/conf/security/java.security --- a/jdk/src/java.base/share/conf/security/java.security Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/src/java.base/share/conf/security/java.security Tue Dec 15 12:59:00 2015 +0000 @@ -576,7 +576,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 +jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java --- a/jdk/test/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
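Review bot: The new default in java.security adds `MD5withRSA` with no explanation in the surrounding comments, and the example line directly above it still shows the broader `MD5`. The test changes later in this patch reset this property for cases that "use MD5", which suggests the entry affects more than the signature-algorithm negotiation, presumably MD5withRSA-signed certificates seen during TLS as well; that should be confirmed and written down. I would add a comment line above the property, e.g. `# MD5withRSA: RSA signatures over MD5 digests are rejected in TLS processing by default`, so operators know what to look for when a legacy peer stops connecting after the update.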
@@ -159,8 +159,10 @@ public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/javax/net/ssl/ServerName/SSLSocketSNISensitive.java --- a/jdk/test/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/javax/net/ssl/ServerName/SSLSocketSNISensitive.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -433,8 +433,10 @@ public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java --- a/jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java Tue Dec 15 12:59:00 2015 +0000 
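Review bot: The added `Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, RC4, DH keySize < 768")` in CriticalSubjectAltName hard-codes the previous default rather than removing only the entry the test needs, and the same call is pasted into every other test file in this patch (SSLSocketSNISensitive, EmptyCertificateAuthorities, ShortRSAKey512, ShortRSAKeyGCM, the HttpsURLConnection identity tests, and the SSLContextImpl, X509KeyManager and X509TrustManagerImpl tests). If the shipped default gains further entries later, these tests will keep running against this stale, weaker list without anyone noticing. I would read the current value with `Security.getProperty("jdk.tls.disabledAlgorithms")`, drop just the `MD5withRSA` entry, and do that in one shared test helper. The existing comment should then say which property is relaxed and why, e.g. `// This test relies on MD5withRSA; re-enable it for both cert path validation and TLS.`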
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -230,8 +230,10 @@ public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/javax/net/ssl/TLSv12/ShortRSAKey512.java --- a/jdk/test/javax/net/ssl/TLSv12/ShortRSAKey512.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/javax/net/ssl/TLSv12/ShortRSAKey512.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -282,6 +282,8 @@ // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java --- a/jdk/test/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java Tue Dec 15 12:59:00 2015 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -303,6 +303,8 @@ // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) { System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java --- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -745,8 +745,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java 
--- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -746,8 +746,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java --- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -745,8 +745,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/net/www/protocol/https/HttpsURLConnection/Identities.java --- a/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/Identities.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -745,8 +745,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java --- a/jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java Tue Dec 15 12:59:00 2015 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -287,8 +287,10 @@ public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java --- a/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/SSLContextImpl/TrustTrustedCert.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -339,8 +339,10 @@ public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/X509KeyManager/PreferredKey.java 
--- a/jdk/test/sun/security/ssl/X509KeyManager/PreferredKey.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/X509KeyManager/PreferredKey.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,8 +57,10 @@ public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); KeyStore ks; KeyManagerFactory kmf; diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -458,8 +458,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -794,8 +794,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java Tue Dec 15 12:59:00 2015 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -306,8 +306,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); diff -r e0ab9045a0dc -r 9f93cbce8c44 jdk/test/sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Thu Dec 10 12:13:12 2015 +0300 +++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java Tue Dec 15 12:59:00 2015 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -796,8 +796,10 @@ public static void main(String args[]) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all");